Analysis Overview
SHA256
b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
Threat Level: Known bad
The file The-MALWARE-Repo-master.zip was found to be: Known bad.
Malicious Activity Summary
Revengerat family
Wipelock family
Modifies WinLogon for persistence
Modiloader family
UAC bypass
RevengeRat Executable
ModiLoader First Stage
Darkcomet family
Remcos family
Wipelock Android payload
Njrat family
Disables Task Manager via registry modification
Office macro that triggers on suspicious action
Disables RegEdit via registry modification
Suspicious Office macro
ASPack v2.12-2.42
Checks computer location settings
Modifies system executable filetype association
A potential corporate email address has been identified in the URL: [email protected]
Declares broadcast receivers with permission to handle system events
Drops desktop.ini file(s)
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Declares services with permission to bind to the system
Requests dangerous framework permissions
UPX packed file
Drops file in System32 directory
AutoIT Executable
Drops file in Program Files directory
Drops file in Windows directory
Resource Forking
Unsigned PE
Access Token Manipulation: Create Process with Token
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
NSIS installer
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: SetClipboardViewer
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies Control Panel
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Runs regedit.exe
Suspicious use of FindShellTrayWindow
Modifies registry class
System policy modification
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-14 20:45
Signatures
Darkcomet family
ModiLoader First Stage
Modiloader family
Njrat family
Remcos family
RevengeRat Executable
Revengerat family
Wipelock Android payload
Wipelock family
Office macro that triggers on suspicious action
Suspicious Office macro
ASPack v2.12-2.42
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
AutoIT Executable
UPX packed file
Unsigned PE
NSIS installer
Analysis: behavioral8
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
win7-20240903-en
Max time kernel
23s
Max time network
35s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\WinLogon.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\creepysound.mp3 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\f11.mp4 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGui.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Doll_patch.xml | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\default.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\DreS_X.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\mrsmajorlauncher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\Skullcur.cur | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Launcher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\reStart.vbs | C:\Windows\system32\wscript.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\System32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\B5B9.vbs
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 03
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
Files
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\B5B9.vbs
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\CPUUsage.vbs
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\default.txt
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\creepysound.mp3
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\@Tile@@.jpg
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\f11.mp4
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\def_resource\Skullcur.cur
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\DreS_X.bat
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\Launcher.vbs
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\mrsmajorlauncher.vbs
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\MrsMjrGui.exe
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\MrsMjrGuiLauncher.bat
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\WinLogon.bat
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\reStart.vbs
C:\Users\Admin\AppData\Local\Temp\B5B8.tmp\mrsmajor\Icon_resource\SkullIco.ico
C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt
C:\Users\Public\Music\Sample Music\AlbumArtSmall.jpg
C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{F904B542-829D-4E13-84D6-7FA170A471DB}.jpg
Analysis: behavioral16
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-arm64-20240624-en
Max time network
12s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:51
Platform
android-x64-arm64-20240624-en
Max time network
11s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:51
Platform
android-x86-arm-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:11
Platform
win10v2004-20241007-en
Max time kernel
938s
Max time network
1331s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\INF\c_swcomponent.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\remoteposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystemrecovery.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_netdriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscopyprotection.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_firmware.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsvirtualization.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsundelete.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystem.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\PerceptionSimulationSixDof.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_display.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_barcodescanner.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_sslaccel.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsencryption.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontentscreener.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mspaint.exe | N/A |
Checks SCSI registry key(s)
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\SysWOW64\explorer.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2ec
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6648 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13380 /prefetch:1
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14556 /prefetch:1
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14784 /prefetch:1
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14048 /prefetch:1
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14948 /prefetch:1
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9879437291163755926,11554752825166500673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ab1946f8,0x7ff8ab194708,0x7ff8ab194718
Network
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 151.101.193.91:443 | softonic.com | udp |
| US | 8.8.8.8:53 | www.softonic.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | assets.sftcdn.net | udp |
| US | 151.101.66.217:443 | js-de.sentry-cdn.com | tcp |
| US | 151.101.65.91:443 | assets.sftcdn.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| DE | 54.230.206.98:443 | sdk.privacy-center.org | tcp |
| US | 8.8.8.8:53 | 98.206.230.54.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 18d66a94793b8d3967bf760b91ad7d0d |
| SHA1 | a06dcecbb88578af20afd993e100624451cf2d4a |
| SHA256 | e44a52174c91af4f3e8eb663ea0a175f8c7c5dea2e6b3d7a2cdda42a66a64d34 |
| SHA512 | ce66288fcd2713a2b668d949d5df7c78ac1c8ba5fab49ccdc7e01e1a69d00d8517ed3170788ed84d9110b154a0d94ffe7d8d86f8a1a714ef878d7168d625aeb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b595098ca0b4db1e631b1bba26fff746 |
| SHA1 | 10139a5381e4d9c14231dae3cbf271c5540e3cdb |
| SHA256 | 41f2189a9062d86ae316011b15592524c81a0f18c9672af51b9af3ebc3a5e16c |
| SHA512 | 15a057e637481cd9ab16339035b5f8ba3319b537e114291f5d56304e7d6ca0e0ee11db0c94b6cbbee8b8d479b0c7632df2ed7e6db884dc928387de00ee40c00c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 255c227ec86689d796b20b37c2909e1e |
| SHA1 | 676f27b352692b508be195ff0e7b36d52eb086dc |
| SHA256 | e5769f270a8279cc30665934ec0bf8e0664aa82501c58c8f5fbf0afe202559d1 |
| SHA512 | 283e11088571218169edbd2497834d637b2370e95d26d63e2103fce68c15aa0fc8609119f274bba5706bdeb9d6feed51cfc7509da8428063fa2b11ce8f070685 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3714683b9465c9d476ad31e0ae87ea1a |
| SHA1 | 758d41a05336252e27924a221dcacfba6143a038 |
| SHA256 | 326ea9666cfcb1bb1d52ac1b8234fb7a73475b830f66ca6e2a13a5635fbb0d19 |
| SHA512 | e90aff3e674a4bbb5e31d7dec6c6b052be4af374b4f49d21ec9183045a8af254db12bc26ab084dc5eb2cfe6fd415136d650d0620c7c6831043cb162215c556d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\854b9681-cedd-4fee-93df-4b7c23619563.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e80fbcf99b0f801abd8ea96ad2df7f0 |
| SHA1 | 70148dbc308fa7dd4868b10d455831eeb1c03df9 |
| SHA256 | b1e0a0f610eada5d53bdbbc1bce3630db9b1b9a1a73bad84cf0fd0cf67756d0d |
| SHA512 | fdf765c9d08899641e7237e059241dea4ba300465fb149583f3b9c859452c20ad2d6f5b5b5e9011d6ae0e831d15212fce7e56d710e62721e554477fbe2278a6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42eca4df0a8156fe506d5c635ffef8aa |
| SHA1 | 7e36f5f9849ce7b6a5663ee802dc22c16dbb1816 |
| SHA256 | 4deb46daf6941a6ea1dbe224ffd3d45a208af53a508294512ef97d8a6504714e |
| SHA512 | eacafa9b555950e776ccd4ac95e4acbf92b62822055f30b63437c904e66e7cfc08923c734a74eca3a771cccfd8b03d52e346b1ef86e558737675dbdd34512884 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fd4d90078cd49ee2506d3cc170097f32 |
| SHA1 | 42963adfc78e597df61f190361d09ccea4cb5c19 |
| SHA256 | d7162cf29bbab67fe23ef20b114ea1756a51f2fa64a04cc2235d779408513fc4 |
| SHA512 | 32bfbefec32057234a6f1c2f9a26321e0dcb6fc8c7839aabc5acc2424bdee7eef64cc9f44beff4d93e1337eebcd09073e63cb26781c1e9cdf5c3ac6ac25e3609 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3cd63d76295d138376476a1ea7e3cdc9 |
| SHA1 | a4d759386e10868e8bfd58fc6ae4d229df785ef6 |
| SHA256 | a0f1bbc67ea268ce0cafbe86593a07ceef9f99ffb7dd41d7638344468f94e79b |
| SHA512 | 8765b9c9a609b42fb638c2cae868daa85d44a35621fa5fb63482a519edd7fdc910a82f36ac9760cc2c267b4bd907f0265e9a470a61f36e81b76165999637fa1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 39fdc08cf434f4461d70f238ea446aa4 |
| SHA1 | 8e4a474f14a5fbff7e4b71647c44d4619673f9a4 |
| SHA256 | 1c1d8bf2bcb2636d866d4a12e154f1d1e1ef28ddd6b6ec28480add7be89a62af |
| SHA512 | e1fd4ade0e0cb96b22509639d164e5d761c53ae027997f63afdbfcbfe556d71f8700dbfb02ebf5af9c585a4db0715746d1e46a000dcd8d151394d4c58933bc3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f29e41c42ae61aa6d20dfcc7cc03b93 |
| SHA1 | 5f2af10f7a647a683efc85b698e6810e7041ba17 |
| SHA256 | e6131721bace772bd269f2d9130390ae87a002eb437ed0252ca9d459f71be492 |
| SHA512 | 981c1b311e0cb5cf10c5b6855697092beeb830ef70469781f4971d65c4a41dea46b090198c2623fcdda4aa3cb18570880a6d3cbef3887201249fa3612ce6f242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4296f6918e726e9008a90c66ec37e716 |
| SHA1 | aea75b0925af1c8aac6abf6e91e69308d44ce02c |
| SHA256 | e7740281ad134ad2ee41c87ee24114cfab1484fcc95a1c564c098ea8094cca79 |
| SHA512 | f03dd526c2b54afc197d58c78c0ae4ec9c160384ada3ac2b7e0df936c5c142cf5d328b946cb2bbc58ef2761cf11f3d8e3942bf78f23de5ab5101def33981b24f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7bfb4c1b161faef9b7eef1337f30c66d |
| SHA1 | 5fb4d7bd55b4e0cd413fd4cf3a888db80e8f23e1 |
| SHA256 | ead03da1cd1759429a875965fb566e57a210c6c67cd0fc03527b04762ed0b8e2 |
| SHA512 | c1d0fea5e4701766b0ff93c7a2b66fc4d9668d9798b081a96757e026cf08fc1562b7419e8df69e6cf2d1460ed7e1916967086568c028dfe24cf1a3b847353478 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f63dc47f371eb7459ca0633f639ae135 |
| SHA1 | def09493482b1f61966aeb183312302ee0cf057a |
| SHA256 | 41fc571088b2e10b001cabb6515028f4bdcf0bfd264a44649c4a9007cb6a9e0c |
| SHA512 | d4370f791be799f95fa7ac87e108dcfa1993f2f4dba970eff3061ea6e9bd3e0f1cf2dd5ad4ab81dc87f8d38a56490c8d45e282946c78c051b5edb79d2887c5df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 17fc80e19bbd44febf6fd81d70d5829b |
| SHA1 | aa62c0b96f800e5654596d137dbdc3358bc1aeb8 |
| SHA256 | cd17652592b16771d6d09e244a44e7d7b5be6159ce364a8ce6a1fb1e6f2d0a9e |
| SHA512 | 1cdfac8f4bf080bb82da5f7841b46fafb4b4f577b6b3ef1e4e11b4cdf1a83f18e32d922498ed50d66edb966b62da012fad2fddb6a7b365dfbcaf241a1a3afb1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | d051cb22d593a03f45bd0c0ec39c2bc6 |
| SHA1 | 85ca03dee45b322f65e20edd29631c82c35912ae |
| SHA256 | f459460887fa8849d897c89b5cb50a0a2d570f788cf81647cb68647a4bce503f |
| SHA512 | 7bfe2719a9bfdbc5d117c082934a02420ff58c536db4627578033fd149adc3ad45e276adec137c80065c46998d4712c3d13acab037811f885269bc7efad990f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 68c477c4c76baab3a8d1ef6a55aa986f |
| SHA1 | 4af50379e13514558dd53d123db8ea101ec5e24c |
| SHA256 | 0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac |
| SHA512 | 92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 6b37a5b2ff3baee32db53505966d8c93 |
| SHA1 | f3f42e843aa6464c10e9a60c0f8c9264998a51e5 |
| SHA256 | a58edc5df4085f0ddbb80367dc7ed414572928554566002c19e778b1fd2de268 |
| SHA512 | 5624785a968372e1403032cc989558433e788ded8370282128e4d6530d5aee7b511a4e1932bce19625ecaf6e2696bb56699af14f03d2e19a16e97ed26f14344d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 08a1ae0e95fede2e246e0ece5c9fb73c |
| SHA1 | ec83b43e7388e6f09b56376017f0e1c67aa52fea |
| SHA256 | c0b8d273858fa3e5ed0ee9903aa47ec1fa19d1a5970de3525b490b1a6dacb5f0 |
| SHA512 | 7f0304cd81ac1b404d59efba619504dc15315c64a6e52dabb5e188b62e7c9ede8f5dfcc4f514a247074ab3b8b48abbe32544cb6df9b0a76bda856f0e6a5a83f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 82524a9ba1a4cd636714f45ab6534ce8 |
| SHA1 | 7903f3f439555ac14e953fd7ca56f211de5d0bab |
| SHA256 | 473629da61044f673a7497e37cb1517399eadc78b17802928a2799cadf0d2c02 |
| SHA512 | 972377a978c859e58f2fcbf6052bbae3793b270520efa18734924f70fc73dc0a3252153f0e138e4d1467da8a5a29dc1bec697c8b9481196dd1875e47978a9bbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 5e322d177c03a4bae6286675f596a13e |
| SHA1 | b5438dbe20b139747adb278337ff5950f9ac1839 |
| SHA256 | b24c2b084b7d6bab9107011c87634ff2eaebead58c9c9edebd2e375f8f1fb91d |
| SHA512 | 1adf3387189b74541d9635026f149edcc10a96cea6e48af06f7c8f449fcfd9788592d7fc92997b5ee91e8a08e7f29a7f8825069d13b114b8b441621d1569943b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 50451dee977409e7b83b82ba8a31f095 |
| SHA1 | 394f9f749a0fbba620707f1fc55d4c3341c30f38 |
| SHA256 | 10b17ca89bc9116a4c9c2edd1a28d1bf2b11b5e34e86545d0931fc5f20897369 |
| SHA512 | 6889b80db888947fda3c542c1a2731783dcf437b277edb2c317177b6a4cd95601a0d130fe79282ed7806d65701af4e97d6d8d34e27a6487db1a49cf8b6b2f216 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 502b42442df1ba4f404195bfd51ca306 |
| SHA1 | 272f87c79849ef042fd555d48e592b42f6127017 |
| SHA256 | f57376023c0129a8c32f362ea978fb707e6748390cf35ad74bcf986aa60e2483 |
| SHA512 | 42ab6a1c4f3fc6268a76501935d0dc87b2f4cee6752418fcaf4f564f76dd60f352037312d6279db515e42b4a7341d557d79b2878e4c5c18096b5dc42a8dd648f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d50b84a9ec5cd5a9d82fc05dc0592d04 |
| SHA1 | e30f0048a3afadbf9cc37eb010296271b047d45b |
| SHA256 | 48c277f5abb1fb4a7705e118546f73d06113a3b9e0b2f5b3d42bf082d4604eba |
| SHA512 | f66183cd2b80766ec500dcf53274630f00114220545aea68f128d90f3b8e47e23260e856832776bd36e5fc33f9836bf0c1519c0033dc4a49615b84eb1fa980d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c0a5c94f24289c124e561bad9869072 |
| SHA1 | 593d2dc2e84dbf95065edfc1b336dde69fec7fe4 |
| SHA256 | 21a103e165e2ce18c653cd8ecb0a09f972d8f5692c8ba8f8ac67e1878876be17 |
| SHA512 | 6e7320f7182651589fc4082b89a52e1ddcaa8b806f4d723a9d10cfa38f6a9572be20463adf7ad2fc29e37f182250a8573700dff9a4396717268ab7e02c3d641f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 822b6498ab424fc7cea8630ec6dbc415 |
| SHA1 | d2096295b76fbe5118df5dafe19c03b58ee0d9f0 |
| SHA256 | 2b60575efab0820458d506b11af361558c8803a1e4fd0873745106765c57f67e |
| SHA512 | c5e141fb8b3a2cff911cb34a9973a43cb067d64362c9deffa968fc5c72a4efb1b7410b03c81aa5cd4e116df8abcf6e14e693ec31936ae7b21675f91d199aed3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 603ff14a882213cba966d1ed0c021e0f |
| SHA1 | 468586956932fdc406ad86f670eb9279efca622e |
| SHA256 | b0a5f3db4a1a492daccec491cfa90aa065702b2fe87d040fdb08eaa3a0635288 |
| SHA512 | e106a2de9d5a01c69d72902df69bb2b543245133a11befc2a157165dfdcb51576c25549a21ddf792c37ae2cac8d6568d45e051dfcc8dd8e89590eb498750bd6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5445c526f274c3f7a2838abd61c6302 |
| SHA1 | 0b0148cb0ee531da3cbd7db0e4fa77a01df0ed1e |
| SHA256 | a6c91c677ab4a79d3812a6c48bad3edbc8e4eb20de37171b48bfa4af95adaafc |
| SHA512 | bb6bfbe1e9cf0f4a595b6368f8cef7c2eea33337dad137fd797cfe1287818b4c9a0563a8fc10b1adc1da5887cb0bc249ec567f576049be5a7622d7019b25f92e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 43ebb202808bdeb90215c8e02a4a2d99 |
| SHA1 | ebedfc015cd3ac89f39717e8ed6026aa3bcb542b |
| SHA256 | 2b8f2e249581fee73f943d9432f8fc4d60b30fe2d32701b109ea6d64ec13a238 |
| SHA512 | e1ebfd1f0f2a9ff6f80a63a58c7b1c1410b0a262f3797928e8aff8b23763f2a57cf72bb4e3315d446e84ec9cf3821e6b812a3533770362c690055f8bc3a966fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3adbb2aa185761b3b5a5493e344500fb |
| SHA1 | 1c74c2910fbe8af3254cd6a0c8e5d10e7f6dfda3 |
| SHA256 | 4788d38a2c82031dcfc1cbd86c8c49d7f643a25c092440ec78b73bbe9075d8bf |
| SHA512 | 0c8a96574b65f287a91e9df8a67ea0235b62edb85b9316be801d339a3e9ebdc0bb82d1e6545068db87fe3563faeb3ab33fa468570dbceb42608d7d68bbb4af03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bd88c12dc987ef975471fcc62a93e0c |
| SHA1 | afd663784bcdedf631623a9ff9365994e82f1989 |
| SHA256 | 215c0ff388f3f058fa414c1867b0c6aab855dcb62707c99775fb03d6fa8ab78a |
| SHA512 | 38c07d0964058f9fab7df2981c33264c3bbf2222ca0346b48d89d8dc2459ec5409d7ff1e8cc7e53ee42ebcbb4c9960c599ac619f81a4a25938a6fc2bf30d16f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe76f2ee3d917e614f1ad898b59756a3 |
| SHA1 | 2e83c7ec4a7a6f197f6cc19cfb818767cc2e3e17 |
| SHA256 | da5cd40476456b4f8b6febc7d01c7e03cebe7251a75a4b42891ef4a7665a8abe |
| SHA512 | aa4cd60e2eade7192c86a75b4fe111a3f649acf9f80e658811034252bdc509840603a6e9f5a6f3854a21af9612e71c299de9c58b62d88ceed755e8624d98e18f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1a00bc03fcd19d40eaebaf5ec546b0b5 |
| SHA1 | 100bd2cfc1ab1422a71f63e0c3941c30432e27fc |
| SHA256 | 4f942af6bbbc66783797d31eee7b69b3d220234e203a954b7ea52e9a9d2250c3 |
| SHA512 | b5385b69f38594466c82d0cfd13c363ca6afbb15370ecaa0b84e89da567a58c18db2b12d65a29b8c2fa2356140723589f4f6a14145f63f9f95babdd74c5479c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 509849b6d6cec6f0ae4cdca42f9c36ce |
| SHA1 | 05aa8ea08dd51a07039600e8d315a101f2faf658 |
| SHA256 | 5b83bd8e7f1d359601a32e26db62b342730be3e47f82b4fe23543cf05ca5c473 |
| SHA512 | e297f56265cd2d8b0d78eb82c82260e8f7465356e4d6c3ede054118e17b658b79faccf7d33ab4d362db703bf415c3d8ddb7c602c17dbfd7914be4f3efd40a2ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 285c6867668e99e45e1fdaab3a62da83 |
| SHA1 | 77c9ed9b7d2ae3f85ac1b1205ff07057a40014a3 |
| SHA256 | 98ed2a5eb36f4a16c41e93ff215a7e6d0f9576d64ad8ba4995dd56443b1b7d37 |
| SHA512 | 3cc8c591fcefa0f6d9295bb01740860ab1e0495c42e78eb68e61dd52a92e24a33c4d21b66a4bd5e72929ba4649741d4a769bd594a593fee9b005e14b76fd2020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e38cae1d9f6ca8cbab879b381b8370d6 |
| SHA1 | c7d7bfccb208f6171b556e3ea792e956c8987139 |
| SHA256 | 34e310e399b79a304b144ea54f70f3463d2f6152d454f5bb1103e5602857f868 |
| SHA512 | 481505537d8404671c3cb35b55e53ea46a2d3d93256e0694245051bd1bab6f3feb8a084d1b12f57a90cd12a41a36ef0394d46b49f0226a465f11a0f2acc2c5b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3381e20373c4ed282d971021dd2af0c2 |
| SHA1 | e8f52dec11178c3f831188f4cab9546eafc47659 |
| SHA256 | aff322fba9e60c10c2d44e5517ce7c3c9a5a9e91824c6114bd83c141ee7fcf3b |
| SHA512 | 9480eae3ebf8bd6a77df64ba457f26e50b73e77b9e18ad03a022d19bf0ffb82bf39f9967607d85aa1f0c61634b88febe551548c1606c6bd6fca86c918e7758e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40fea44a37ab6e70035859e9e4f255e4 |
| SHA1 | 062a28e838afd4e4836afe5ab8231adb841da3dc |
| SHA256 | d5cec162b3927de5fe8ff0b1e6d1c6284e17d3b5345e1e7ce4fb46ed1fe297d0 |
| SHA512 | d678a3d9561c425463b25ba5eafb5a19e85c0fed8c032f55cd4b80a5219008eeb6ef1ab0dfc8d67e1554d5e66e817cb1438ccb4ad775a0a9a90f1c622181e3d7 |
Analysis: behavioral11
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-20240624-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x86-arm-20240624-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:21
Platform
win7-20240903-en
Max time kernel
1563s
Max time network
1570s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"
Network
Files
memory/1260-1-0x0000000001000000-0x0000000001026000-memory.dmp
memory/1260-0-0x0000000001000000-0x0000000001026000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:49
Platform
android-x64-20240624-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
win10v2004-20241007-en
Max time kernel
25s
Max time network
32s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\mrsmajor\DreS_X.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\mrsmajorlauncher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\default.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\f11.mp4 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Launcher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\creepysound.mp3 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\Skullcur.cur | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Doll_patch.xml | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\WinLogon.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGui.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\reStart.vbs | C:\Windows\system32\wscript.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "232" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{9B3CCF70-1E19-4811-A6BB-A41C4AB35AE7} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\System32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x51c
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 03
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d3055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs
| MD5 | 5706bc5d518069a3b2be5e6fac51b12f |
| SHA1 | d7361f3623ecf05e63bb97cc9da8d5c50401575c |
| SHA256 | 8a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad |
| SHA512 | fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047 |
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\CPUUsage.vbs
| MD5 | 0e4c01bf30b13c953f8f76db4a7e857d |
| SHA1 | b8ddbc05adcf890b55d82a9f00922376c1a22696 |
| SHA256 | 28e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738 |
| SHA512 | 5e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1 |
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\default.txt
| MD5 | 30cfd8bb946a7e889090fb148ea6f501 |
| SHA1 | c49dbc93f0f17ff65faf3b313562c655ef3f9753 |
| SHA256 | e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210 |
| SHA512 | 8e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2 |
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\@Tile@@.jpg
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\Skullcur.cur
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\f11.mp4
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\creepysound.mp3
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\DreS_X.bat
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Icon_resource\SkullIco.ico
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Launcher.vbs
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\reStart.vbs
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGuiLauncher.bat
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGui.exe
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\mrsmajorlauncher.vbs
C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\WinLogon.bat
C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 1.txt
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
Analysis: behavioral13
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:30
Platform
macos-20241106-en
Max time kernel
1796s
Max time network
1805s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]
/bin/zsh
[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]
/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe
[/Users/run/The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x86-arm-20240624-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:33
Platform
macos-20241101-en
Max time kernel
1615s
Max time network
1647s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]
/bin/zsh
[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]
/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe
[/Users/run/The-MALWARE-Repo-master/Trojan/MEMZ.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
Analysis: behavioral10
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x86-arm-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:39
Platform
macos-20241106-en
Max time kernel
1255s
Max time network
1713s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]
/bin/zsh
[/bin/zsh -c /Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]
/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
[/Users/run/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 42.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 12.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 23.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.153:5223 | 23.courier-push-apple.com.akadns.net | tcp |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral27
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:51
Platform
android-x64-arm64-20240624-en
Max time network
11s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:49
Platform
android-x86-arm-20240624-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:49
Platform
android-x64-arm64-20240624-en
Max time network
11s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:49
Platform
android-x86-arm-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-20240624-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-arm64-20240624-en
Max time network
12s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:21
Platform
win10v2004-20241007-en
Max time kernel
1143s
Max time network
1139s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Virus\Mabezat\Mabezat.exe"
Network
| Country | Destination | Domain | Proto |
Files
memory/4556-0-0x0000000001000000-0x0000000001026000-memory.dmp
memory/4556-1-0x0000000001000000-0x0000000001026000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:51
Platform
android-x64-20240624-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x64-arm64-20240624-en
Max time network
12s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 20:50
Platform
android-x86-arm-20240624-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-14 20:44
Reported
2024-12-14 21:18
Platform
win7-20240903-en
Max time kernel
1344s
Max time network
1808s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mspaint.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\control.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\calc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C89FFF78-BA5F-11EF-BB31-7694D31B45CA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://pcoptimizerpro.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275473 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:209940 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:799775 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x54c
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:603185 /prefetch:2
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:603206 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:472149 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1455160 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1258607 /prefetch:2
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2307143 /prefetch:2
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:3093603 /prefetch:2
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:1848418 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2110557 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:3290260 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2045070 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:2372770 /prefetch:2
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://play.clubpenguin.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:1258498 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372611 /prefetch:2
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372644 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2372645 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2765839 /prefetch:2
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:2765842 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:5780485 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8268 CREDAT:5256203 /prefetch:2
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=batch+virus+download
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6640 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9824 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11372 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6164 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3876 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=the+memz+are+real
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12568 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
Network
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:80 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| RO | 2.20.118.102:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| RO | 2.20.118.102:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| RO | 2.20.118.102:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| RO | 2.20.118.102:443 | www.microsoft.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| NL | 18.239.94.113:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:80 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 13.107.246.64:80 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 13.107.246.64:80 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.jqueryscript.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| NL | 18.239.94.121:443 | static.hotjar.com | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 13.107.246.64:80 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 2.22.57.219:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.196:80 | google.co.ck | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | ad401ae4ec69d7950df75b2fc5d761c5 |
| SHA1 | c90a08146b70d6ba363cc118d3f4f1fa77fd2e3c |
| SHA256 | ec2d529177a96aa7fea76edf07d35069ab99081d2af7a231e25b40ba56d59287 |
| SHA512 | 368115521e21e2cb9e3bd6f6b5eb2e311cffdcfa419d4d3eac757e829e215fd9e0a94f667cd7e1ddb249a1ae30525849a6abad28aca44d38b1e81d4b7150c294 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\PCPRO[1].css
| MD5 | 88b7c6da19faa99cae52c46212cf078d |
| SHA1 | 37d7811fb05436cc0976fab9c6cbad9de3e218a0 |
| SHA256 | 3a82c01b2096f24a9a8c6761994f00f3302ff4c0f0ec2c77bd440ff821afbc7e |
| SHA512 | 1055ab6f36668a8589ae94eb30a38a21b07889423e9a58fb5f8a05542bba0c365ff32d50e1c68ee46b0b012da180eddd6bd15b6f518318943e9d16767bc37fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\bootstrap.min[1].css
| MD5 | 0d9ad1c31f08421ab3e17bddeec2f0f5 |
| SHA1 | 56b081079b6a00fd3ac7c7fae826f1e54edf92bf |
| SHA256 | 6971181fcbd5975a75b1b9062f5ea652faccbca4bbb995f7f3351697471383d6 |
| SHA512 | ad4b6badea519c2120744254926d151804b6ef3a2cf7a8a0ab34c2517a547687e76c9a769043042440f6f7954202b7c09c4a4d1e44ab17d0f27e97bfdcfc7147 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\marquee[1].js
| MD5 | 5f597d4d1b993365c8c9c97e6c7d352d |
| SHA1 | 2612a4c82b38bbeebac3f39f4e65562ca42afe71 |
| SHA256 | 11d0527ff372454bb4f6cb9170e93c245df8cdd10ab335b29a0d05b206e8f456 |
| SHA512 | 4de5e8d43a813c5894c54ffd88003389de64d003d2d47bdf105d0c31167bf69d83b32c37d15345f4449c7054daa58a94e8a1f6ee14a4832190da7ea76714e2da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\style[1].css
| MD5 | 6a899616d18af91f7707109eafcb19d3 |
| SHA1 | 3179b45780ed7dacc49d9fc09b079d6a893e0bcf |
| SHA256 | 478cb919a1614c86930cdf7e7607e713ea721a488fbb0b150f5ced5a67fbf40a |
| SHA512 | 103319b3ef9180a224689f4650c431fe4cc3b6989925938317cd49c9a6d720ffdba639ea1e67a7a9bc96a24e4e8c134b7d480ec934f2f03365219f68521020e5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\faq[1].js
| MD5 | 506aeb1f4147e9da132cf745d8e9c258 |
| SHA1 | 7702bc8743e96dab589de1fb5276acb46aed522d |
| SHA256 | 4de550096ce0b95effa7331fa701efc6261af28e9c3754c33938ca9bbb459948 |
| SHA512 | d559a5f619960640b2e51e8a8a93b6a3501a443343d0c0507eedbf352e8a33726fc10b04955f74c55647b1c48fafad0509e728099d7aa8f17a64a8286b1b16f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\supportlicense[1].js
| MD5 | cd2ff195838e035c52599c44fc9e4150 |
| SHA1 | a82a4f5cefe7e20ba0d293f72788d33a428d78b9 |
| SHA256 | 247c79b820e0c6f172ec56a6a0eda7953e2860d165f8778e53de5d7c711e3c30 |
| SHA512 | 2b5efc35e987b4c734134e4486ac26414e29bbd7457715eabefc9c14bd103ac2e9289f2fe47403a28af6d6eb1c869d145341eb55eaf13f417a9c30c26a690d16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\nav[1].css
| MD5 | ad2ac2d4755aaab6399dc0349f32aa25 |
| SHA1 | 4b229c4bcac17ed349dfbc1078802ff22060ed76 |
| SHA256 | c4a13e3575326f5c953906dcd15a903f2a72ff419d53f6aa1c6630e07a588396 |
| SHA512 | 61fef9a206084dc367b3b9a813038312fc500339234a435a6bc1450067ac3fbbd66893224e3cd2ea5a1930721bb0f3b241467dbcdda08f0463f19074917fcdeb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\style[2].css
| MD5 | b832028d72c7e305874fd0a1f75baf23 |
| SHA1 | 760a6210f41a85954566a374c7925b6a11c8b583 |
| SHA256 | dcf4e93734389f59e6fd8f10a68686e06ed0638ec1dc444d42da8dd85afbc852 |
| SHA512 | 7fcf85b1aaa934b17fcb58bfbbcb93f037af2a6f2fa74ba56bc4726c4626423963704738730793b883e9b16893fc4c55da2220583fc1d789d713e208f31a4e35 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\owl.carousel[1].css
| MD5 | d49fbfc6c0444e7c67b2ee7ae284a293 |
| SHA1 | 986a35e93e719dd08b35c8c8762626ceb495418a |
| SHA256 | c9430ccc20d8d58e10dbcaba36ae11739cf20190424b6f55c0d8cf90241658f6 |
| SHA512 | a447a04166c8c9ac037e46646ddd4d686a4a8554f6ffecd71d2bb9e43c5a2e80f3207b73b67b09594a5850a22435ebdf01b9cfa570f6008b163a0d8d7c28575a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\tabcontent[1].js
| MD5 | f1645e882491b8e9b66b6704c290358f |
| SHA1 | 800bdf76515c5a3d7a87079fd2c018b30c1e5ed8 |
| SHA256 | 4bf48103b3886ec0f395b1085b9fd27cdbb7eeb3ab272b4269ffe91bbe6c9a77 |
| SHA512 | 1dc0572dd4092d8857dabe1b000c4baabe7d5bccf58af4a09948740a0140ae3b380f97be53d08f2f15a6b74bee5d920bb35dc726c2bb30aa12996c601e2cad5f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\tab[1].css
| MD5 | e7ea0df6e57d25b257c9ce904589f0d3 |
| SHA1 | 57d7d657bac6d17897bd114f2db77736e6228e0d |
| SHA256 | 7b9764da2d8c28d3b0432ed0ffd11101ef20e3be7356ae4a6b1e58a3967e430d |
| SHA512 | e718017f623d246c0302d3ab9adcd2e7c0c1d578ca8b2b26ac9e766133fff9f95a4f3dc2b3b35d521da4d534a40f2650170178346f7e1d5fba733fed0857c7ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\media[1].css
| MD5 | cf7ebf08c98702246680452eeccc93b2 |
| SHA1 | c88799ca63168f8d953f419a28ca7eb486808f43 |
| SHA256 | 590741b58751d5333a29b1bfe948c3269a27f85424f7c7bf0e86337c87a80a96 |
| SHA512 | 2d5ed86ff065494f24f4f5123e69a9ebb4a4aa075525fadf2fe834106bf39a1fea7e458efb34371a3131e4dc9fc56f56816ffd616536944a00fb653c70e10792 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\pcop_seal[1].png
| MD5 | 50e7c652cf5d57d97906cc8c89cccec8 |
| SHA1 | b44c48b98c90686ac69762412e87099693cfe308 |
| SHA256 | 17fdc0f29e08e58b3157887e3d01f54eb089ceb07ee1f11e7c23b8aaf24d17f0 |
| SHA512 | 5b9f0ed5d62b92b85a56b3d3636f5b3f2b00b7c0ad1a29a7a8a15a9d41ffc09230c71631d50a8912884e64b6aecabfd88a41eb0eba41a7590a6979cf71ec4668 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\System%20_Info[1].png
| MD5 | 13d8a66fef5c774577a32778f9d33cf9 |
| SHA1 | 1d406f9c51f713c0be6fe68ef31a7e256ff1e12e |
| SHA256 | 9395b91b62ab3ff85c2ee3b3db051be72cb940c5fd60c362a1f47e2b2aa2b559 |
| SHA512 | 519d91af222cdf2cf62bd39df7970180dcc1db671e6d452c0423445fe17bfbc0d581d086332745a101ca798701557728244d5ca910a5f47a6215f6b0c481480e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\Manage_Startup[1].png
| MD5 | a6e0eed134db9a750e8e7f1ac4b957d5 |
| SHA1 | 32cdee5662c47ab0035609061fb0254630491460 |
| SHA256 | 6d4bc8c8a2026d6f9399ca76321b2d59cd98d3ba14cff6703220e6f46382d52c |
| SHA512 | b34f143f7ebae545d86b056d9adc41515d3f49d0ff8e586abafe8ecd8bdedfb648dbd0dfe688090b855428a7b5779308fbf4e935b74d4788273a6c1b0a915e50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\File%20_Shredder[1].png
| MD5 | 24183aff636a477732e0ab16370c6ff9 |
| SHA1 | 5a42ea4b92abd9e332a3d8159b446570f64b240c |
| SHA256 | 4abd867fbf5615d689b9ad1bcc9859421f94efed4fd22bf4aa9b21cf02551c23 |
| SHA512 | bff1e399bbf38ea54f18a7dcd6b736630b1976ce03a9f20654f9ddcc8cccdbd962d010e44467ccd50ee80e15f696630732760977179007c31f4fb2f491ef3da2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\gtm[1].js
| MD5 | 0a65ec7f64fc55a2b2c8bb0857b0e081 |
| SHA1 | 8ee1562a7c6eb44d178180805cee0150e2cd982b |
| SHA256 | 4b7f8d5c58b50229b965cd1cdb8a7615b2edb950d50d8bd12b2396c808860a84 |
| SHA512 | 1094102df8d928ccf2551212e14086bdef2456264c269307f9997d837cb038bed64f54c450a2fce3db61066ea1c911e82115158c7793fbf05ed922208027f652 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\Universal%20Fixer[1].png
| MD5 | 1cecc023fd9b1e918570f443d2be77a6 |
| SHA1 | 1d41fe18540214a89ff5e1140e23718e67bd08f7 |
| SHA256 | 3dd1bbba0c353222046e68f07e08b111e0472784e7c9d3370f9f9f3a69e9dd22 |
| SHA512 | 106d0517e388f7db39869d1075e6a86749178b601e845b73727f8339ed81b576b1b746eea3ef845af8fe109bf7f760a452a6e9964abaf3fd79b9bf7a06b911c8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\green[1].png
| MD5 | 315310ce750224bc43e8fccce217f308 |
| SHA1 | 947dfa6db42099f6088d80a6445286162509f7d9 |
| SHA256 | 090fc99b90442d59e416c1cc268fbba8a57a43f58ffc57ed5b2a65c07207cd9c |
| SHA512 | 77657495bd638277455607add35b82af64358992530e1c4f7721f25c551a0d8eb6d817115907062152980d1b6c9e70409209d97166a8bd953bdd916e883e3808 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\pcop-logo[1].png
| MD5 | 45f4d9e7d2e260e8288babc1c6509235 |
| SHA1 | 00b2ff2b04aeae39c3a1acd010c8814bf9f775e9 |
| SHA256 | 9e0bba84f77cc947769f33b6a9595f95bca6f04e76b38d3f6be385e6c00837a7 |
| SHA512 | f2da98b6c541267dd2847a230aa9bd7589b4fcf8e0cba30aaa0314f92146981ec654506e005b9b5d33bd23b6cea8fca0c6953260943bd1200cdc33cc903550e9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\font-awesome.min[1].css
| MD5 | 0831cba6a670e405168b84aa20798347 |
| SHA1 | 05ea25bc9b3ac48993e1fee322d3bc94b49a6e22 |
| SHA256 | 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829 |
| SHA512 | 655f4a6b01b62de824c29de7025c4b21516e7536ae5ae0690b5d2e11a7cc1d82f449aaebcf903b1bbf645e1e7ee7ec28c50e47339e7d5d7d94663309dfa5a996 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\owl.theme[1].css
| MD5 | 2e1f8dfc574dba3a94e8c10d312e1cde |
| SHA1 | 7dd543f439fa9249879a5bffe2fd79a65f3900f1 |
| SHA256 | 2facc6609906c1a284513bcea372a199e68227d96cd775b7bafd93ec58d7a4a3 |
| SHA512 | ebc9d7402cb32d0a8f5e73c0ccda32f44f46d875fb1eac15b61eb51e31c1fbc794ef81ec545afeddcb9a5a10042bdbcb7f8b013b7c9690d5e74e3d7017ed2c15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef2e7675bd976d86c74d6f7a9b951c85 |
| SHA1 | 14286e1850efdc2512f8f0de7f60104218bb726c |
| SHA256 | 94329493d2b1ba51375e4a0a1763ef0b09ac2c8aefb1523de5d6bdf0121ce6cb |
| SHA512 | 6354175c70481e6bde63415c5a1ceacb63b2879c3e0542723186f5edb2d49f4d20a1c8a92cfe2d4366264c5b5c0b191d5e1ac87a1af56f39dc06474370f98d47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f99f1651ea8a24018179fc441ccd53e3 |
| SHA1 | 29e6aa962941f61f91eee5a96a2cd345d66ae1d3 |
| SHA256 | 36651fe11736663a2af5db3412bd7a0ddb01cedc9d7eb17df1e4107587cff1ae |
| SHA512 | 0d063ef3ed4290211c7cc9db889e03a9170d20a16f11d5d678ac51c5c22e36327c35fab71a9160d1b251700e4ec3cbcef4dc237928429176b200ab798a093eaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a9ec516b097644b635f7d6c31f44e4c |
| SHA1 | e623cf0c8f742187da4e1ab40e2e3c774ef9233c |
| SHA256 | 9b40c9b13df47dbe856b32ba5f0aa9baf13734fd1d28e7ab5d0d3808308cc746 |
| SHA512 | aabbf9d2688f1aec60a87b513699f204d8e50db068cbaef5d4f399dbb67e56ac505c72ecce09bdff99e586892700a24fd34690613e9d4573038adf0ef41c6b68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efd9637e71c996638011b54059f51c29 |
| SHA1 | 9fe585cad118f0b862d9e288cba834bac350a21b |
| SHA256 | 076c6131f906d9bf2ebf1bb0da535586186a1b3e40ec3f7216fe2954043d9398 |
| SHA512 | 4aa0db1463af4776e749bf52efacc94289eb15331fd5e18026a9a9cf8bf7847687441a7dc077493ce34e7498cab3fac467b814fd606ab74ad947cf58e619fa01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04d7e0ca5ae09edf1c85deebb292a920 |
| SHA1 | deaa9a47256372e472300d3b664327b274a64cd1 |
| SHA256 | b5c8ab598159f8b65103d52fa36dd758843004bca376acee62b6964f23dc4fa5 |
| SHA512 | e6f6fff6de701fc05dd8cef625f86852398aa631f5c1b423fc91eded38faa15c99699919eb82c49f1342fba39c8abef35d5fde41dac1dbbe904f804d46516436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a152df24d1aa3fd4a57319ae1afd96d |
| SHA1 | a3521aa71c96006e3ce9cc466250fba86e51939c |
| SHA256 | 686560733666547f5774527e6cdaa06caa4def57ce4390704595306a54195c1c |
| SHA512 | b6757e6e710c7d2951dbcbf83571bdb2c9b15d12a6c15c54e67319f1c29683b17a445953fc60430734d17d6eedea045017f7e766a3ac2a066f2fdbe248e25b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f3bf7573426f94c9dc095902a3d016b |
| SHA1 | e11c4825791e4669f5b1cb76877b4a5b8b0f4f00 |
| SHA256 | 4a44d8071966c283547baae578ade09659d5ef5a3e8ff8e098bcba8ed67c1c16 |
| SHA512 | c1bb32f8027198193383cd5b7756e83b00d58564ca7317949070ccc3743f009fc533ac071d2d9620db8c72cd9408ee9eb6573e566d33d7f57cdf453582338d83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60d7fce059310a66a4bf290665627885 |
| SHA1 | a531e41c4825b4707d031af7add756ac1c67a4d9 |
| SHA256 | 9d34b765cbef3c0c952447db98dbe8ca7893ab3e0386324c86ee801b00c1686c |
| SHA512 | 42c18f4b6513d84f8773a2bc07d4e0d160a51c6a3b17ac00ff6cf9c5bb16debdfbd8d91b7e257e4ff037f6c3a0761087b207bc83464aaaad314331df7cd1a53c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d149cdd00520945bbe18cd7052102d3 |
| SHA1 | 641c15354e8b02050beeacab5b0d8eaf99145e14 |
| SHA256 | 6962859c3edc207658fae96cd9484926056d090320a2587e4956fa62da7bdd85 |
| SHA512 | 8cd8f1b5b31cef8c24c0e7896cbc0e5e2230489378ffbb4e059f6f8f60c58353d961125bb26b6ecb0d1390230b541ae13810c1f20ec0f312f261513f779876df |
C:\Users\Admin\AppData\Local\Temp\~DFB8C3BCC3DDD28712.TMP
| MD5 | bdd9803d5ed64de9f02e2072a95e5026 |
| SHA1 | ec74b54457e12bfd849283f6d692e9fe8a537334 |
| SHA256 | 6785a86738850e47a302aec0059542216c7d30920ecee2d90b8cc10effade603 |
| SHA512 | a3c03f096ad84854a98291445a6d84319149d25572471be2ac49703158712a7ec0f5c7b6124e0610ec76af4b5dd684fabb7e9c1066190f15bb98a7b49d11f08a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0e71fa8e928daf9aa9f229792f85e74 |
| SHA1 | 9e5017ea1153680d13d9958b3592356cad729d4f |
| SHA256 | 310982abc7d3f1deecb8cd6eb53b2f2512829daef942b8c36639319001e51bf8 |
| SHA512 | 83c01e3b4a1a9f56be517f2f7b961cd24ea40e787ca35d93e77a200e63b022676200bc620409e34cf6b9373654d6a768859ffb4e6e76d6289456e5e0f56367bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8265f828086f751940a398682dc7da3 |
| SHA1 | ad2e717bcea8c2ddaab5fc2c56b2002e9fcace8b |
| SHA256 | 630681d76255db69aa67d96eb66796bc55f96040383f3769c7dfb75b843d4d9f |
| SHA512 | 71f2a1a7e720fcffdcff6f6cb4770363675700695aad4eb40ccb35a9a23969f5c705f494541db94884563b87c6682922a9c7f34494779c2910c6dda9b6ecf69c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddc950b90e6c7b5a6045d1236f8d6768 |
| SHA1 | 3a2d339ee1255856550b0d5d336b1e50bc98ef81 |
| SHA256 | 907066aff98896c910f25ba9b86f482612d26c20d5be66d31d367a0baf183f98 |
| SHA512 | 77dc414d63d0881c1ca5727d010fec68f3f5a5e7481c47bf5a209152ebdbe2a3d8c0dc26fbc7f1cc3c5d7261db04db21470139ea7956906b00cc939a7725136a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9370658565c4795a43b96d3427e775dc |
| SHA1 | 3edb8ee4099a03e61a149a4ca4b44cc58e6d7985 |
| SHA256 | 08ffdc10b4b9586e68e16f42a03a8fb2bdc60b4b1b5efe566a71de17bc08f068 |
| SHA512 | 0692955b965fd4753a81f46ee494fd532c9c449a7e5794ecc05d17ac11fa69ed79e8df9ae6405971232e7b2dd38c6df7c753a42870dffc9438145f38faa1f029 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82356a43fcb70f529979efd8ae837201 |
| SHA1 | a45f4e61d05546c62e666fcdb5c023a45d9d2394 |
| SHA256 | a864b35330a9884b0547318dac8f4d44845deacecc0d0aef36f0707dc686a7fe |
| SHA512 | 61b9bba8bae6abf34726539e42cc79f1b37ea48ebb8dfe062307503191399a280be20520a5990cbccd4d30c4ecdf07915ecc6b1e1e4c577b81764dbfc88b42e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d4a0b98ff535182ea85aa101f678927 |
| SHA1 | 2749ffbbaa3177f2943ea9ac3815d63e884a0fa1 |
| SHA256 | cef20e3e522eb75b37f1fd4ef9027bb68a53d17818d1b33e69afffaeaacf196c |
| SHA512 | ec57205a7f0e8fe98dc1be7e0fc8d2f778016c4bcb6a9e0943c5c2262ef53fff27ae8fadce1bcd62f2199785c29300f04bd1061bbf93094624e47b98cece2389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f66244c9aada5633ad9a9db704cdc74 |
| SHA1 | 5bbafc22e415bfafabd9f43f6c89c6ed90209839 |
| SHA256 | 712e3755b4a967822e1b3b9e59df25306ed07a2e7854f58241f466f4ce4f1c78 |
| SHA512 | aa048d9711de4ec98c52a41382e631c36c6bf066a6d530ef6511a6957cb3aff03389c9b3fb417a1f6a26b6dac8be76dbe94eb1c3ab9edc9f199628c10c46ed2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0a2e3c94db94243fa9a7b973c0b511f |
| SHA1 | f68a36c179f00315ec27ddbc9e3a79cf757a7cb2 |
| SHA256 | 53c535c3f0338361223345443f0d87c9b00abe4d6391d31ef462b42c2c71a2b8 |
| SHA512 | 9f7fcc7f1c9257ebc96020a5c4b32b1ddf9cbfcb00d7e1431cff1641931ed1fd8b4fec07abd6ea770c7d04b49baced9f208ec8c96f40875dd2265fc3188d9cde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 140b67f538e65ef4cdcd926d901838eb |
| SHA1 | 480aa2c404736f3cdf309a60979357db77d8fca8 |
| SHA256 | 98dddb4f58173faf151b26a23a735e60b21e08df4eb1a3286ee44d90d10e535e |
| SHA512 | a9ef4d392e86f55c52d5869d7b1429cf14b74fe1d91facf84cc8c8fe50a6764d5cc41c33c785f027aa37569100e55f957eee540f33289dbd9b6560261371cb22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b5d0128538ddd68e096a8d3b635bbd3 |
| SHA1 | 4235d4fcc23a82a7b0a633b593d21488db9ad772 |
| SHA256 | 310a00291c8e21d30d2c0f8e33362f44312ffb9499a101dcc1bf93f1f0f43ff5 |
| SHA512 | 791115a4944f8e20f07a7ad3800ff624f544c8212f3dc8964b1d7177a3f5ece32d4950a3455efaa72ca82c950e761bdf8aff76ed0e55b13643fbc914afb4578a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a4ba7b3be0a44cfc0c32ddbc56e0751 |
| SHA1 | dc2b8807d03eb0be913ff2320fe19c27c2bfa655 |
| SHA256 | 0ae162ef4e907a0157cb08a9103f9207956c98d109ec1b53c50ecaf98857cdf8 |
| SHA512 | 0fa56f6c9fae628b5cfb225915e03ee072c606132832bd2d36f6eed12828cbf400565193847062a5be87ff312f2c16ee4ac1978ebc8f7dd90fd5f6ab5b5771b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cd3b5dca33450cd89b64b12dc2fa614 |
| SHA1 | c8994d772a1ec1da60b7d6057f5f13fd37e741c2 |
| SHA256 | d2f03a88f86c0400d4cb24ab4c792817c36b412a52f2885d6d5ec146fcbf26dc |
| SHA512 | 8f4e8c7023fbfea211e5d30d7f364ec5c5e45c5f01489e54bf579383af50814c83fa859f0c180a8dbbb3af299565e2a94adbdfb7cef35c7c4405a16c0298cc82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 790daf0dd8677add1a7864a181cdd015 |
| SHA1 | 41f6e3054a3811ae16d4df4e7c8f94fe0732e546 |
| SHA256 | fbf89fc77b0eb6ca37de6ba3f4e16afe6866bf717308bc587210d59d027a179c |
| SHA512 | f462c3d3461f89446715d28aa2b8ee939fc95fe05755b7f60f9366c4231d36c81334a47c987d8d24dc1144aa841bee47d4290d4cd198f1fa3f499ffa46120697 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b2ad74703e44b725277c5adba106b90 |
| SHA1 | 31300f7726545362653c4cbe0bf66b580316c550 |
| SHA256 | f7ac16eca430f69b73f7f2bd8ae522ae943c6962b651c95e2e4414b750a5b14c |
| SHA512 | f00a8d5d1cba64e01d27526f3c4c38cd58b21f928c793a3f40d637dfe14a21f508d960d2a30a10abca6aedd8ddd1838d294c256cc3a0980bfc12641038547950 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd2bfb94ec4fb76b59ca6c13465053ca |
| SHA1 | 86bb40bb010ac969c16984215e1ae0fb1a000a45 |
| SHA256 | f818afac10bf5cc8838bb063f010cc42c87b56dd60ecbe56d68786c39cbac524 |
| SHA512 | 2ff6a7749d81ba62ff9b6abb03c34a674688a5ab2ca547e096827935ae29e38a75ec480a496d4a804a8c4f3f16c748a86ed14f3c054d8355ea0990d7c7cb9412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12ee432fdfa4fb4a10c589fd22530048 |
| SHA1 | 090c829d31b73186508ee0e923f383ee69e39263 |
| SHA256 | 49e98c8777a8e468f5b912f3f9ac818606a45bd388e644899a231fb52644cee1 |
| SHA512 | 72fa534f17083529e06a94b0a698ab7387e0f1c92cf17d54f3a1f2b9c8c2a29f255578f532e380e5f9023f0e3938ed0b190fb7a9473dadddd116ee02e3cbe17f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a1f23d5e7f0c4db2fbd6eb565f43ccb |
| SHA1 | 0181c6bfc94aee4f8aacb0980f7f467fb2a8f5dd |
| SHA256 | 91d3ff4df1dbcc151bb89c4fa56e9610364fb9dcb9febce5cbfef18113aff2fd |
| SHA512 | 5b33aeca3d34aab3c16e102b9efe4f1da68febb408d74bb43ea98d05f6ef12386d6d26c2fd3bb834378d5cf7dafb8aac08563146996d66ca26a5fc20c9e2df95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe94de0b171734a03e9fd9c85cf2c90e |
| SHA1 | f47dfa016775484e8c94065729252979ff2f2a14 |
| SHA256 | a09663b0a6700bc02b307441c39e4baa0b4448cbca4ef955067e3404df5ea334 |
| SHA512 | 1d8f1bd4615e8f5fbc99234e894d21dbaabfe2363eac20cceb103f2ec79362af555320c714597a5c821c093845166b041a59f7c440e7e8974ec30bafeb6361a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8dadfe68a30b453107bb327a4090ddb |
| SHA1 | 1dd2f47c52f428baac075f49cc08a463ab081cae |
| SHA256 | bfee7865633a624a1671c518af4167bc028647c5d32837456b043790bcf500b7 |
| SHA512 | 9bcd5c9e173567bac2a714a2c52c07e11a77d2dde23aa59aa8a2333156386217edd259ac7de05b96f0a31f58f88e83b824db9d5e993d712a25bc657511f5e2e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\favicon[1].ico
| MD5 | b939aee911231447cbd2e3ff044b3cce |
| SHA1 | 0f79060358bea92b93ded65860ffbc9ecae3dc14 |
| SHA256 | f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c |
| SHA512 | 8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat
| MD5 | 462194c9111e97e78ea4a7412e2331ed |
| SHA1 | a66ea490b6f804ef975de6c5c8bda28f991455e2 |
| SHA256 | 2d7cf12100848bb7123f27e84604cb35555a8fc223f44af0e3af21b7a3cdb84d |
| SHA512 | 778d5f6ecf3e68687129da23d45da7cb962b8d6f2d4dab609f2749d6b06ef2b394a727e35ff3544e342dfc7e316a75cbd62922fa35e17a229ad3e15549460868 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74f4dccf2cdf729bc9dcaaaf73b400cd |
| SHA1 | 482af6758ce9bb49a027f9eb76ed640997a40988 |
| SHA256 | 13befb9a291721f3dd5f77747f7b9c3f62d3df8403bb715667f4d00ce299bb8b |
| SHA512 | d56318593b931bea2ef11400b1c89f426e8ac04dcc9c568da8c072323f11633280602b0349e96d235c9e74d2d76a90bbb2d4fb522609976da78b9382c81fa0f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d5c7c77992a03046bc1cd7772dbabbd |
| SHA1 | 42e2052069b147723e76be6d55a90a5282b1afa7 |
| SHA256 | f7dada9fe255009c46ea37bbc64c0f02c00f9c4180d5b5c8e5ddbbca301dfe60 |
| SHA512 | 7089873a9baaa0037bc34111773dbeb2e11ddc9188a1dd5ced67e3b0557ed78598e84bd000ead6118ac9cdf96c3ab323ae497197ff93cb7153dea0bb3c9db1b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c560f4bc2f2397746b38a69b017dd0b6 |
| SHA1 | 13ea755d0965107b44dcf4e2c933d572b82beb40 |
| SHA256 | 532c4cfba2122cdfe3e02e24ebf5000a0246bc9383dcdc60b98128e032e24558 |
| SHA512 | b6c13a8adcf13752949caa83ce7226c21756947fe9d231f3ae6ece3d1ba2df1bb463bcac947d45fc8371da39cfab63bac28c71443b140d707d10342ceae861df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92df2b6baf8c2d08f6fed0bc52a1928a |
| SHA1 | f18217648034aa2fadde766c2ebf85f8b8d9ce0b |
| SHA256 | 855b5a762d9e070655b0297746a239d071c3f9542026cbb2ec8dd841198109e4 |
| SHA512 | 212c985fd2153e36b85d7ebb49aad0888968866a770188602c8559028e3037170a8d2d6f6b871f4e3fe9c8c7b41ed1e4e6ffdd274fec6f597f1bdd81fddf1059 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fed67a7baa43ad353b57f5b06dd37695 |
| SHA1 | 263d8ca7417f1fd40157f2ca723eaa0155aac702 |
| SHA256 | 637dfc3012e9f01973ae5af2f3fb29aef36de0a5d365b13537d7ca74dac0658c |
| SHA512 | a8a7a2d6d1a3041c3fc21494d95ed3d2b5f1f68acd049ed4c99f76fca85a49535c0768cabf0a48d18314225cfad6efca38d9e6cd17f262120bf66a72425cb34a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e20eb2540ffe9b6a83caa2f94bd4d0a1 |
| SHA1 | 79ce167291fd9e65a3a5c9d87c7d956e816484d8 |
| SHA256 | 98e8834dbc47f9446827f97deea045b84374ee209478b60a7ec516317ce802ec |
| SHA512 | 98f567aab32194a033c641e51fbcc2e3d6a16ebc5c0614581c9be9e60515eb1c053d14d35bdaf55851415f3c3b759ac1ceae65e55ba60911d8e23cf6c3112a24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65a8bf471ea66bf9f4762f6f984b36d0 |
| SHA1 | 5214938cbf770b7f779717e242bd6dee9fb3a257 |
| SHA256 | de59050317f02617e9a4db05e36d68c11ac8acdc46a2696c3910ab4a9030dcec |
| SHA512 | 4cf01a77f2b76205b49017af28c50234b1f10c697234231ed52a3e5e967c1d5e9772b2858104f4f12534cb26835bdb70d8b2c3e1f6d4ff0d236a2305cb9cceaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7f522836e52996b80d03ca303aee55 |
| SHA1 | 9af6bc9fd69e148ef5fa414f5720464c37ee02f3 |
| SHA256 | 3321aff275dd923620ef42efaf5dba2f4f70c1de6a574d896742ee1f68814316 |
| SHA512 | 775e0a2deb82872766bf8a39ce39da06547d750b75340977061d0af87cef17239410033b225c8595e8c9a756f83dc64df114ff7068c4db10b30f71f8b74d05b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80ff8dc49ebcd27380fa50bddae2e69f |
| SHA1 | f749d546281ede0333fd289764d8ad9dc31334e3 |
| SHA256 | 5ee976956a35e7cb1ddb99a747e525c633888655608f8750b7f4921ad446b1f4 |
| SHA512 | 507fe646fd4423fb85a87840d420c8ab3c4e83cf03ef097f0fcce2199195666e792b99ed6f5664b3c61c0f404630966e3acbfc74e5984b5d12e1286c5f43f276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8363d60f9b9b19d6df8e39d51fbc531b |
| SHA1 | aed2cf24ee07b888eebc243aba64e0ad937eb21f |
| SHA256 | 0faf80bd84b4481d1d208bf9d9786895887e27bcc4f5f185a084fa904602fb78 |
| SHA512 | 5f14a8ce2b72b10761348dfc6d69feabc012f3c9d5b02c0daf2520ce6b817681d52eb909e086cd0954f50506a4b8ca58363c935c912b7e1ca9411e8e640f9903 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e1b3186b6e131c4421dc02e75e56517 |
| SHA1 | 49ad660972a6d60ba3407531604f42b2ab3bea9e |
| SHA256 | c6dbfe671eafbd16178f278f4169d645b0969929c1bacceda25eabb726f469f2 |
| SHA512 | 07c5320065915d848863cc35cec360836b319cca6fc3c9504ba95c544e812d25991206383e36297adbeb5129dafeac9f65d2bd007bb940b7bf40858f4a7d6ce3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 550076fca629abceca141c05cd3a47e2 |
| SHA1 | 3f02ad2f2389ee569705f0f83b9628a9e5a54b7c |
| SHA256 | 73b7e4fd6312e7951157d2a373ca63f2f45611ed4188a65b107e11a40949089a |
| SHA512 | 06ed0ca35b2d8c741eb416079addf04048247e3eef9db40379131741b74ed13395278ca4bd86211ac4dd5c808341cc8ef635499cd3d78e716e149f17b1fafcf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 842caa2e1f9aa684c07e5e6b04a3d282 |
| SHA1 | 4f85b2bed002b4cfdd0ea1dc4d523cf93c1cba5b |
| SHA256 | 0e6c68b4c96c4b3910517e2d5dd3da47ee29afe64e4b7d04abe04fd7ce9381a6 |
| SHA512 | 5484342ba48f6aea596db8c7351a83734b043e447b0bd38779e63b00b96b90e0dd31dd54d2e10a10a26a0f1e870ac083b956584002ebd47aed5a7a2c081c318a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f932d985add90c5ebc13b1cca3ebaaba |
| SHA1 | 9401227cbda4127afc7628fb88181f412371c357 |
| SHA256 | 6602028533c33518d6c58bef2533fd740a6f7d99cafb6b364ec0b40e9620c768 |
| SHA512 | 0d86bfa5d6ed01cf738a6c8e487396d628a11aa2291cf6cee6d2e1320b7737792dee3a3d5266c97400cab021805973eceaaa8b420316d1d9130902d4e4c4e4c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2c1468cac6fff58a036c50a81d21eac |
| SHA1 | ca56db92a47ff65399a0558d9f54488507ffa759 |
| SHA256 | e35254d83f2f1739ad1b9bd573ca273cf7dc1046797bcd0f16ec190dc6b4f962 |
| SHA512 | 58d24ea84f1532be7040cf5a3fbb22d93d8f0cd6254ba867c72fd959f90bdf943b5260b6a206b767a3b414231987be9fc45b7edaad19bd420d85babf84a254de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 353319b47645072c627df283d40488a1 |
| SHA1 | 4925af4bf4b60a0db09bfc5ab4d01ce22ee28fe0 |
| SHA256 | 85e8fe72390387339a85790dbb390a6edaa992b2b3c9d71b392b358e489999a3 |
| SHA512 | 8e3d25f3c062a00a17198269e521366009e1afc32b016d19b2df6e5eba71695fe8845591ebe9e4e0065bcfc55bcc885910ecbd137ed698d36133dd2dc0ff7483 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\dnserror[1]
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\NewErrorPageTemplate[1]
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\errorPageStrings[1]
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\httpErrorPagesScripts[1]
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 882bbae3508cf965e347cb6b152ec24b |
| SHA1 | a636b2e33d8c2d677bc27a8edbaebd4318f25f3e |
| SHA256 | 4f9476e1e31301ce133767a2c7e427e296a67d768c7ee8e857704e72e7ea8e3f |
| SHA512 | 00d047ee5272cb39f8691bc97464bce63028b56db25953bad6b0089764bc9b21df038374b43e6ebbecb94b0d1627807519a5823861a8b21aca6bb4f46e461f47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b8650e090961ef1c593ec839980b2c9 |
| SHA1 | 0dd63117a47074efec53a565c22e1c54550c6c80 |
| SHA256 | a8e9ad036d7029ea677bf5ed9f751b821ca4e92683ac068caa63e8741567bbe8 |
| SHA512 | 8e3a89e08d32fe8f2428692e014667b9c271c573ec0ac567990511b65b72952093e660477d487c30e5543ff869c2f90bd84c9c1199e88b52a4173d6de9f9a59e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8371dbd78d68eda93fa9a160f085c442 |
| SHA1 | 43d0758f641a9d4148ef508b17d5368842c91968 |
| SHA256 | fce651e391a92a8e02fa1488075cf54a9f9862c0fda0d9d437b6be8456827332 |
| SHA512 | 88b365b664eb160bf35d29ffd51891497f5d50b66efbf357e5a560bc488296aa81249eb48516d7754f3891204fca20f8a29a7241f257e4c152b88acfcc08e85e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 443c2f0551671a03a01240334d148490 |
| SHA1 | a74cafddd91e194e31e8e493f86f4e1329841d68 |
| SHA256 | dcf65facc8320167f3c14de96bd1197ab9091c2def40aa4d1e1fc5133fe8e213 |
| SHA512 | 53073c6160c26686775d610d5f085637e1d7dc8aaab2de8886d30570d1e0e575c40246c42b2fce19018813552d935b03045fe7d4d48c0ddd32cab05d0aee41c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c256f3459f46231a9213d27a84ec77c3 |
| SHA1 | 8712b4ed04641ae44b88abcda8de3cb1e5c80acc |
| SHA256 | c5b0a5f5e3cc45e8f3918482a7f6e72d35dcc93b0ef06307054d6f6c2a80c29e |
| SHA512 | 353fccd67da4167bbb80ba80752605102f8affaa026956663100ac3e87f76878ad7050b91a57be8d49d901f508da65a1e7fd821d51cb292f535801419638f266 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f710fe82b3893fcfe5d8a6fdd3399d92 |
| SHA1 | 20f03c73719496629ec0a8da23472be6e5df6d1a |
| SHA256 | 2bad0fb9c991f66c50a6a752d521f431c9aa448deb4543c4ba005aed47665930 |
| SHA512 | 8fcf62be3a688610da86edf775824f84e22a15775e9971a8724a0561a35c4483cb465d19b0f769bc59d4a4771f28ecff8b676215e6b3a4fc5702fbfaaab4ad56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e40c779bf3ae99c1fb470df17e71bb5 |
| SHA1 | 551ee6adb9db046f14087da072f284df006d277c |
| SHA256 | f6322afd86f0d2131541ef9a074c60ff07a78574108dad1d680d5449b2a89420 |
| SHA512 | c5037e90e40ec6e683a13bd5878cd5a41b9de3272160559f0c0cb67e73c122efccebb220d54c61cb3c069155f2fe1396b14aac0c9a3b9552230a3086cbad4bbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ec861af340accfd9d030575279a0ef1 |
| SHA1 | ab86dfa4d5c8bba0acbae4babb1c8b010a03a1cd |
| SHA256 | e5c89a930cfa93be39cea0e63410309b3bd342252fcc6694ce909d2c733e7ed8 |
| SHA512 | 19c60a98fbe91687d339bb81e055a4908ccb926f389388697178fd395531802915248f13b2ded337b0404a782c4fe09b89a5cc836bcd869641e5990a0096b410 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb0bedb3a6e5c7abbbd80a8c2566fb5 |
| SHA1 | b356f7fa8ba61f4926ed978062192bdeddc84aa4 |
| SHA256 | b123bd91864866a242e10e32f90266e53873d39524e277f3fe779c0fa6bb0113 |
| SHA512 | af2311f2de2d09efb48b5c9e5104ab21ee68bd6f3b17ca45c1bd58efbaf592b3781ea320852fefd79b461ee7fde44ca28a0b6bb5c8b30ff0ce223c41b083e713 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c83a05251c0ac384efde036a518b117e |
| SHA1 | 34b58e4f4354c0431522965e6ecf4411eec48ff7 |
| SHA256 | 4d0fc3b298f07d02cf99fc1fd3fab0dc387354eb512590508634d29e50ea2ff8 |
| SHA512 | ac2d9e9f8033c67529233d37fb992d791fac2d193af7cca3ff5c5312fe898e13ce2896f66a1cfde43b428c06b52291caf5214d7fb055897dc675a961718a6e81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8df76f5efbd84dca9d862cb2e0a34de |
| SHA1 | 43d12a86faad2f584c42de01dd0d7deed2a166b0 |
| SHA256 | cd32b28ebdc305bcbb5467aaf0f316c8a6ae6e11314267ca5a82094d3f4d8772 |
| SHA512 | a7c2873872ade7cf0a9638d0940215aa20ae663ed5bbeb601c1a08ba23758a7658ecac67d9e6d047c27311d4f8a48dcaa3d4fbbd9b34ac4070aded01de661a0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6b87f39097f6702265816d5dd961099 |
| SHA1 | 3d96ae8af5e6719d6a6a51f46d2afbbc01ef2c95 |
| SHA256 | 07b0f5fcb879c0b15bf5a6eb81bc2ba60b74d703a9c8c2bf7787770ce8d6b9f4 |
| SHA512 | 578e487583db2113e0603e2cd04e3cac0400f4d055cfdd3114ed4d4f41061812aac8d023daaafb4fdf0cc46bbe54a457ae37c53af93384196c39502939fa4e0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 159a7ee3609a27cd0436ea5c61dcb21e |
| SHA1 | 21bf06a1707552af5bd6039703efd73edfe1b4d3 |
| SHA256 | 41eca23057f64a346b5921d63093100239901292e58c36a06e0af538cc907dfe |
| SHA512 | b18b9a2b1a3f8fd53ab30e2ed672d90b49ac4bade40d56a03035ebb5f0a35499bbe29f99ed530f0eb8d9baf8b7f534cb073d6f5374b91d7baec5ec702bc05d37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d356e1afd5b99ee617b9797967987ccc |
| SHA1 | 994c562fd2ac8a03520c8e0bdf4898d687fb04b2 |
| SHA256 | 71d8abc4be67bdb30370d9d128b1d00a6f5fd0c77e19bc68105e4dae0e349dc7 |
| SHA512 | 0d8635a25a526ea95908febced36e1ed9dcda8fef24966962a9040a405b5a43afb4c64bd50950eb71a6e06db446abddf9651a987767244fa048995fe7603c0b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b152b7802e754d98b5d9126037d451de |
| SHA1 | f7caee21d807326a5b878c69564cd5ff2cced7d9 |
| SHA256 | 46fec21db503bf251fba96b46572422e07f6e3f19d71069b01028f867e6aeb28 |
| SHA512 | 991c1f9ff7e8d8da38bfd408b3950fa877535f9d225b074ba6d9aa6342cce285469cf0995b8bbdd9a0cb4e7f52f5c851d8ca2b9de510b0f2224237c27ea0eb5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8b3bd0d3cd6e2cb4f9cb12b81b38def |
| SHA1 | ed9845600a8f4d70f68adbdeadd8e1bc2cdddbc3 |
| SHA256 | dae6bec326f8c2dd8b776e367fec4f3f3d3666a20e89e00bdf87dcb10cafaf1d |
| SHA512 | d72e0acb9660f099be86b4320065e2e4d43b23c1147da488cdcf1208f7af3ca5393879e5fec6abda456cd12f52831ff6fcb30d1fce229cade09e7df985d711f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed20f996dbeb09e5a3b9449b9d4c9a81 |
| SHA1 | 1b0b4c8ab33f5be56dffed78a1e3b11ba93b4e9b |
| SHA256 | c277f032257a36ec6370e31be63d4f92c422292576b1e908c8cd360916613338 |
| SHA512 | a88baba6dfb491a46a63b264cffe0452296e08d18dc49edeff26dc7c02685c657415992681d0824c552f6ba6c996f268b1f1fab56c471828d92351d337a0a681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f56e0084f1594726ad99201982f5584 |
| SHA1 | f677e6c3b6c24e83ed76b76bc59c938bf0ff60f3 |
| SHA256 | 91be960ffb73ce0778aa894970d5b0b881ddde70c7235afe4368272e04f3036c |
| SHA512 | 69ffba5fc3f4a92838a5a2785e44e5efae47d077ab44ced7b05249fe3e34c82d696612d415da07d489cefe39dff0ab84f245033779d34d6487de4db96d709e6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 111b23d7d1d1f3c409a77a1197c85ad5 |
| SHA1 | a47dd9374941c8609c24dbe0ace57bb337457a8a |
| SHA256 | 9a3a38dfc316501984c44c32231b685dc9a75d9e93cbd9aae98005f67ac33480 |
| SHA512 | 0872d3894dbbb7320852ebc2d08f71320ec3d8c856cc5d99428dee57c69a20d402e3d65d1b6c6c9c2591df4b56cefded192e2c2b60872517c2ab566bf8a3f636 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92d802ea538f128a3ab12a3dc7c4d3fa |
| SHA1 | e584c72003a58ff9f5994f2fc3c0bf17c0a15517 |
| SHA256 | a9e274075bac897fb868e8841b7fadc5bc9a15fcf53665a8f89b00bc83f08239 |
| SHA512 | 49a8e252e31f6041d763d757b49b56fc82ce4b8fa68c75ed5fd137e3cd5ecd75f00b21c1d43cad3727b6131f7c14937b733d504c04768e5f4faa4c25db3ae4b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9468680d44f318d2bf76721dbf1e7495 |
| SHA1 | cf80fb92b8032a34c80e6fad197201b64fcef4be |
| SHA256 | 20e7a33266c6c7f4a2963229cb3b420380b6a7726b55926a03f716aac71575a3 |
| SHA512 | b2dca8584497b38e25452d11b0355595b49cb4140caee650e529c5f8158c3b0e54a2cb8c302f794d3267043593872a74f3bb521eee1d7f4245c306a6b55babd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0026db88e10909a164d60f5ca882e4a4 |
| SHA1 | 12c0da72d79ccad946a1f3ae108fab25b0ed1c77 |
| SHA256 | b03cb9eb60277a3315275de662353a29f755d113e2d6e7d1ab9e3b0bf0863913 |
| SHA512 | 2704e457833485123dac95f42d1bc28d71dca734d4b5c6bb9553160c78b8046449e8de79c33daaefd88abf31b71daf798d70bd9dc3e1e7b79a896e8bdefcf9e1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\gtm[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\js[1].js
Analysis: behavioral21
Detonation Overview
Submitted: 2024-12-14 20:44
Reported: 2024-12-14 20:51
Platform: android-x64-20240624-en
Max time network: 9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |